PHP

I’ve recently decided to make the switch to Doctrine as the ORM of choice for any new PHP projects we work on. I didn’t make this decision lightly as, until now, I have been a long time user and advocate of Propel having given talks on it at PHP conferences and even a webinar or two. So why the change? That’s really not significant, what is significant is I think I can give a very quick punchlist of things about each that other PHP’er might find useful when evaluating them for themselves. Propel Pros – First, let’s be clear...

Two weeks ago MVCnPHP v0.3.0 was released into the wild. This update really addresses only two things:

CSRF Protection - If your views use the built in support for Flexy (via the class BaseViewFlexy) then your forms will automatically have a Cross Site Request Forgery token added to the form as a hidden field along with having two cookies set to check the validity of that CSRF token. The CSRF support is enabled by default which means all MVCnPHP commands that extend BaseCommand will automatically check the token for you.

This is just a friendly reminder that this Friday, March 27th from 12pm-1pm CST I will be giving a webinar on using Propel, an object relational mapper (ORM). This webinar is just one of a series being sponsored by php|architect. The webinar will focus on the basics of installing and using Propel as well as one or two more advanced topics. If you are interested why not register now!

I will start this blog entry by saying I like Zend Framework. I really do. However, the part of ZF I don't use is the MVC implementation. No, it's not bad. Actually it's a good implementation that is the product of a lot of hard work by Zenders and non-Zenders alike. I use bits and pieces of ZF in my PHP projects and, admittedly, Zend's MVC implementation never made the cut. Why?

I started using my first MVC implementation, Phrame, back around 2002 long before ZF. I was quickly turned off...

I wanted to give a heads-up to all the PHP, Mac and Oracle fans that I just had an article published on the Oracle Technology Network (OTN). It's been in the works for months but has only just recently been published. I have to give Christopher Jones a lot of credit for being patient wtih me. The end result was an article that was fairly easy to write but was a bit of a pain. What you see in the final version is how to setup PHP, Apache and the Oracle Instant Client on a...

Yesterday, on an invitation from our Information Security Office (ISO), I had the pleasure of giving a talk on about injection flaws, Cross Site Scripting (CSS) and Cross Site Request Forgeries (CSRF). That talk had a surprisingly large turnout and crowd participation was good. Anyway, I took my old talk on CSRF and expanded it to include a very simple PHP script (roughly 60 lines of code) that had 2 SQL injection flaws, 2 XSS flaws and a CSRF flaw to boot. I demo'd the flaws (sample input included) and I provided another script...

Being the recent (and appreciative) recipient of a MacBook I've been getting all the usual development tools installed. Everything went pretty much as expected until I got to where I wanted to compile PHP5. Not just any flavor of PHP5 but a snapshot of PHP 5.3. While this focuses on 5.3 you'd have to do the same song and dance for the PHP 5.2 source. Why?

If there is anything you should gleam from this article for future reference, Leopard comes with a 64bit Apache installation. Thus if I go into the PHP 5.3 source...

On my flight to the DC PHP Conference in Washington D.C. I had a chance to read a copy of Pro PHP: Patterns, Frameworks, Testing and More written by Kevin McArthur. I've never written a book, I clearly don't have a first hand appreciation for the amount of work that undoubtedly goes on under the hood. Given that I will try to be as constructive with this review as possible.

Michael Tutty, a friend and co-worker, gave the below talk at the DC PHP Conference . PHP SOAP Toolkit is a handy way to fill-in some of the "missing" pieces of SOAP support in PHP that make implementing both SOAP services and clients in a way that is inter-operable with other languages like .NET and Java. If you are interested in getting your feet wet with PHP and SOAP particularly with contract-first type of development you can take your WSDL on over here where you can quickly turn it into a downloadable PHP SOAP...